[Secure-testing-commits] r2726 - in data: CVE DSA
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Nov 13 21:59:06 UTC 2005
Author: jmm-guest
Date: 2005-11-13 21:58:59 +0000 (Sun, 13 Nov 2005)
New Revision: 2726
Modified:
data/CVE/list
data/DSA/list
Log:
new kernel dos, more DSA conversion work
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-13 21:14:21 UTC (rev 2725)
+++ data/CVE/list 2005-11-13 21:58:59 UTC (rev 2726)
@@ -1,3 +1,6 @@
+CVE-2005-XXXX [kernel: NFS leases mem leak]
+ - linux-2.6 <unfixed>
+ NOTE: Pinged Horms
CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
TODO: check
CVE-2005-XXXX [user logout in drupal has no effect]
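Review bot: The new "CVE-2005-XXXX [kernel: NFS leases mem leak]" entry at the top of the hunk carries no reference a later reader can follow: no bug number, no upstream report, and "NOTE: Pinged Horms" does not say what was asked or when. Suggest adding a NOTE line pointing at the report or upstream fix so the placeholder can be matched to a real CVE id once one is assigned. Only linux-2.6 is listed, so it would also help to say whether the other kernel source packages tracked in this file were checked.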
@@ -12030,9 +12033,8 @@
- kernel-source-2.6.9 2.6.9-6
- kernel-source-2.6.10 2.6.10-6
CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...)
- NOTE: see USN-82-1
- NOTE: only affects 2.6.9
- - kernel-source-2.6.9 2.6.9-6
+ NOTE: see USN-82-1, only affects 2.6.9
+ - linux-2.6 2.6.12-1
CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
- php4 4:4.3.10-3
CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
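Review bot: In the CVE-2005-0176 entry the merged note still says "only affects 2.6.9", yet the "- kernel-source-2.6.9 2.6.9-6" line is dropped in favour of "- linux-2.6 2.6.12-1", so the fixed version for the one package the note names is no longer recorded. The entry just above in the context keeps its kernel-source-2.6.9 and kernel-source-2.6.10 lines. Suggest keeping the kernel-source-2.6.9 line alongside the new linux-2.6 line, or stating in the NOTE why it was removed.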
@@ -14775,6 +14777,7 @@
RESERVED
CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
{DSA-510}
+ - jftpgw 0.13.4-1
CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
NOTE: fixed in linux 2.4.26
CVE-2004-0446
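Review bot: The added "- jftpgw 0.13.4-1" under CVE-2004-0448 records a fixed version on the same upstream release, 0.13.4, that the CVE description names as affected. That can be correct if the Debian revision carries the patch, but nothing in the entry says so. Suggest a NOTE or bug reference confirming that 0.13.4-1 includes the format string fix.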
@@ -14958,6 +14961,7 @@
NOT-FOR-US: CDE
CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
- ethereal 0.10.3 (bug #239576)
+ [woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
{DSA-469}
NOTE: Changes probably too intrusive during freeze, maintainer did not yet ask
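Review bot: The reason on the added "[woody] - ethereal <not-affected>" line for CVE-2004-0367 cites DSA-511, but the DSA-511 entry in data/DSA/list (visible later in this commit) cross-references only {CVE-2004-0176}, so a reader following the pointer will not find this CVE there. Suggest giving the reason in terms of versions instead, since the description limits the issue to 0.10.1 to 0.10.2 and the DSA list records woody at 0.9.4-1woody7.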
@@ -14965,6 +14969,7 @@
- pam-pgsql 0.5.2-9
CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
- ethereal 0.10.3 (bug #239576)
+ [woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
NOT-FOR-US: WrapNISUM ActiveX
CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
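Review bot: For CVE-2004-0365 the added "[woody] - ethereal <not-affected>" line relies entirely on "Not vulnerable per DSA-511", and the visible part of the description names only dissect_attribute_value_pairs in packet-radius.c, with no version range to check the claim against. Suggest stating in the parenthetical what makes woody unaffected (for example that the affected code is absent from the woody version), so the entry can be verified without going back to the advisory text.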
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-11-13 21:14:21 UTC (rev 2725)
+++ data/DSA/list 2005-11-13 21:58:59 UTC (rev 2726)
@@ -1554,13 +1554,13 @@
[woody] - gallery 1.2.5-8woody2
[30 May 2004] DSA-511 ethereal - buffer overflows
{CVE-2004-0176}
- - ethereal 0.10.3-1
+ [woody] - ethereal 0.9.4-1woody7
[29 May 2004] DSA-510 jftpgw - format string
{CVE-2004-0448}
- - jftpgw 0.13.4-1
+ [woody] - jftpgw 0.13.1-1woody1
[29 May 2004] DSA-509 gatos - privilege escalation
{CVE-2004-0395}
- - gatos 0.0.5-12
+ [woody] - gatos 0.0.5-6woody1
[22 May 2004] DSA-508 xpcd - buffer overflow
{CVE-2004-0402}
- xpcd 2.08-10
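Review bot: The three replaced lines in DSA-511, DSA-510 and DSA-509 swap the unstable fixed versions for "[woody]" versions, but only one of the removed versions reappears elsewhere in this commit: "- jftpgw 0.13.4-1" is added under CVE-2004-0448 in data/CVE/list. There is no matching hunk for "- ethereal 0.10.3-1" under CVE-2004-0176 or "- gatos 0.0.5-12" under CVE-2004-0395. Please confirm those CVE entries already carry the unstable versions, otherwise the conversion drops them. The DSA-508 entry in the trailing context still has the unlabelled "- xpcd 2.08-10" form, so the list is mixed until the conversion reaches it.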